docs: add missing S3 permissions #796

@lzap lzap commented Jan 14, 2025

I was testing this on a newly created account and two permissions were missing.

achilleas-k previously approved these changes Jan 14, 2025
@achilleas-k achilleas-k enabled auto-merge January 14, 2025 17:17
@achilleas-k
Member

Thanks!

lzap commented Jan 14, 2025

I am adding resource to be aligned with the linked doc.

achilleas-k previously approved these changes Jan 14, 2025
@achilleas-k achilleas-k left a comment

Thanks again!

lzap commented Jan 14, 2025

DO NOT MERGE SORRY

==> osbuild-temp.amazon-ebs.centos9: 2025/01/14 17:37:44 error: cannot upload AMI: AccessDenied: User: arn:aws:iam::399777895069:user/lzap-packer is not authorized to perform: s3:DeleteObject on resource: "arn:aws:s3:::lzap-packer/9943c33b-5a14-4e18-bcb8-d3024b56fcfe-disk.raw" because no identity-based policy allows the s3:DeleteObject action

Looks like one is missing. Drafting now.

@lzap lzap disabled auto-merge January 14, 2025 17:39
@lzap lzap marked this pull request as draft January 14, 2025 17:39
@lzap lzap marked this pull request as ready for review January 14, 2025 18:29
lzap commented Jan 14, 2025

Now it works.

lzap commented Jan 15, 2025

Forgot to push the last permission yesterday evening. OMG what a pain, now I swear it works :-D

Comment on lines +217 to +220
"arn:aws:s3:::amzn-s3-demo-import-bucket",
"arn:aws:s3:::amzn-s3-demo-import-bucket/*",
"arn:aws:s3:::amzn-s3-demo-export-bucket",
"arn:aws:s3:::amzn-s3-demo-export-bucket/*"
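Review bot: On lines +217 to +220 the Resource entries are the literal placeholder names amzn-s3-demo-import-bucket and amzn-s3-demo-export-bucket, so a policy pasted as-is grants nothing on the reader's own bucket; the text around this block should say to substitute the real bucket name in both the bare entry and the /* entry. The AccessDenied reported earlier in this thread was raised on an object ARN (bucket name followed by a key), which only the /* form matches, so the /* entries must not be dropped if the list is trimmed to a single bucket.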
Member

I saw the word demo in the resource names and had to look up how they're used exactly. We should mention in the text above that amzn-s3-demo-import-bucket and amzn-s3-demo-export-bucket are example names. They are, right?

It should also be enough to just have one, maybe? Or change the name to reflect our use case as a slightly more concrete example. Like bib-ec2-image-upload-bucket-example or something.

Or am I wrong about what this all means?

Contributor Author

This is really the bucket name in ARN format, I was trying to match what is documented in the linked AWS doc rather than this README. I can change if you insist, I take it since this is part of the documentation it should be more clear to a user who is copy-pasting these blocks into AWS UI that they should replace this one as well.
